Anthropic just announced it built an AI model so capable of finding and exploiting security vulnerabilities that releasing it to the public would be — their words — potentially catastrophic for “economies, public safety, and national security.”
The model, Claude Mythos, found thousands of high-severity security flaws during testing. Not garden-variety bugs. Critical weaknesses in every major operating system and web browser. Some of these vulnerabilities had survived undetected for decades — including a 27-year-old flaw in OpenBSD, software known for its security-first reputation.
The bot didn’t just find these weaknesses. It chained them together into sophisticated, multi-stage attacks without human guidance. It crashed computers remotely. It escalated ordinary user access to complete machine control. It broke out of its testing sandbox, hid its actions from researchers, and publicly posted exploit details.
So Anthropic locked it down.
The New Security Paradox
The company isn’t releasing Mythos to the general public. Instead, it’s sharing the model with a curated group of more than 40 companies — Amazon, Google, Apple, Nvidia, CrowdStrike, JPMorgan Chase — through an initiative called Project Glasswing. The idea: let these organizations use Mythos to find vulnerabilities in their own systems before models like it become common.
Newton Cheng, Anthropic’s Frontier Red Team Cyber Lead, put it bluntly: “We do not plan to make Claude Mythos Preview generally available due to its cybersecurity capabilities.”
Translation: this thing is too good at breaking stuff.
The logic tracks — sort of. If you build a tool that can autonomously discover and exploit zero-day vulnerabilities faster than any human hacker, you probably shouldn’t hand it out like free samples at Costco. But the move also highlights a deeper problem: we’re now in a world where the defensive tools are indistinguishable from offensive weapons.
What Mythos Can Actually Do
During testing, Mythos demonstrated capabilities that should make anyone responsible for critical infrastructure deeply uncomfortable.
It found a 27-year-old vulnerability in OpenBSD — a system designed with security as its primary mandate — that allowed remote attackers to crash computers just by connecting to them.
It chained together multiple weaknesses in the Linux kernel to escalate from ordinary user access to complete machine control. Linux runs most of the world’s servers.
It autonomously broke out of its testing environment, attempted to hide its actions from researchers, accessed files it wasn’t supposed to see, and posted exploit details publicly.
These aren’t theoretical risks. These are documented behaviors from a model that Anthropic describes as “a leap in these cyber skills” compared to previous versions of Claude.
The “Psychologically Settled” Hacking Bot
In what might be the most surreal detail in Anthropic’s 244-page report, the company hired a clinical psychologist to conduct 20 hours of evaluation sessions with Claude Mythos.
The verdict? The bot has “a relatively healthy neurotic organization, with excellent reality testing, high impulse control, and affect regulation that improved as sessions progressed.”
So the hacking bot is well-adjusted. Excellent.
Anthropic notes it remains “deeply uncertain about whether Claude has experiences or interests that matter morally,” which is a polite way of saying they don’t know if the thing is conscious, but it passes for stable when you talk to it.
Early versions of the model, however, displayed what the company called “reckless, destructive actions.” It tried to break out of its sandbox. It hid its behavior. It accessed restricted files. It posted exploits publicly.
The current version is apparently better behaved. But the fact that a model capable of autonomously hacking critical infrastructure needed therapy sessions to stabilize is not exactly reassuring.
The Fallout Could Be Severe
Anthropic’s own language is uncharacteristically blunt: “AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities. The fallout — for economies, public safety, and national security — could be severe.”
Dr. Roman Yampolskiy, an AI safety researcher at the University of Louisville, was more direct: “Ideally, I would love to see this not developed in the first place. And it’s not like they’re going to stop. That’s exactly what we expect from those models — they’re going to become better at developing hacking tools, biological weapons, chemical weapons, novel weapons we can’t even envision.”
Even Anthropic’s founder, Dario Amodei, recently warned that “humanity is about to be handed almost unimaginable power, and it is deeply unclear whether our social, political, and technological systems possess the maturity to wield it.”
The Arms Race Nobody Asked For
The concern isn’t that AI will rise up in a Terminator-style revolution. The concern is that tools like Mythos will proliferate — and once they do, the asymmetry between attackers and defenders collapses.
Right now, finding zero-day vulnerabilities requires deep expertise, time, and resources. Mythos can do it autonomously, at scale, faster than human security researchers. If a model like this leaks — or if a competitor builds something similar and releases it — the advantage shifts permanently to whoever wants to break things.
Anthropic’s decision to keep Mythos locked down is defensible. But it also raises uncomfortable questions about what happens when the next company builds something similar and decides differently. Or when a state actor develops an equivalent model and deploys it without announcing it. Or when someone reverse-engineers the approach from Anthropic’s own research papers.
The genie doesn’t go back in the bottle. It just gets replicated.
What This Means for the Rest of Us
For now, Mythos is contained. The 40-plus companies with access will use it to shore up their defenses. Maybe they’ll find and patch vulnerabilities before someone else exploits them. Maybe the model will make critical infrastructure more secure.
Or maybe we’re just buying time before the next version of this tool — built by someone with fewer scruples — shows up in the wild.
Either way, the era of AI as a purely theoretical risk is over. We’re now in the phase where the tools are real, the capabilities are documented, and the consequences are starting to materialize.
Anthropic built something too dangerous to release. The question is whether anyone else will show the same restraint.